Am struggling with poc - can’t get a ping or test-connection back nor downloadstring or file running from the cmd.x or ps.x no connection.
Found creds! Trying to get a reverse shell with the PoC
finally got root 
Thanks for this box to learn something new (PoC) and some options to test multiple solution for getting root.
Again thanks to IppSec sharing all his knowledge on YT.
Since I’m just beginner on pentesting this helps me a lot to find possible solutions, getting important hints on how to use available tools, etc!
Since I was using the U***** path I’m wondering about the other options.
I haven’t had any success using the T* route so maybe someone can give me a nudged on how to go that way? Or was this just a rabbit hole?
I am a bit lost, I found credentials, and also used the PoC to drop nc or a msfvenom payload. But I cant get it to execute cause no icoming connection. Can someone give me a hint ?
the fastest rooting so far , I hope it was intended. Thanks to the creator
@ArcVael , I was getting the same issues until I reset the machine several time. I guess if you are the first user to exploit the U*s**C after reset, it will be alright.
Type your comment> @unethicalnoob said:
@gorash said:
I am a bit lost, I found credentials, and also used the PoC to drop nc or a msfvenom payload. But I cant get it to execute cause no icoming connection. Can someone give me a hint ?I have the same issue. don’t know what’s happening in the background…Need help!
Make sure your payload parameters are correct (srvhost and lhost)
Rooted both ways! Nice machine. Stucked for some time with the payload for the PoC because of some silly mistake, but then all straightforward.
Ok wauw have been staring like crazy to a white screen for a long time until I looked on my watch and realized that time is of the essence.
So for anyone having the same silly problem, remember to keep track of time 
Anyhow, box is straightforward only might take some time to get everything properly set. As always has been some fun. Enjoy guys!
While trying the U***** method for root, I’m getting an error saying it doesn’t start in a timely fashion. Did anyone else face that?
Edit: Got the root shell.
However, can’t read the root.txt file. I’m going absolutely crazy.
Every time I try to read it, the shell freezes. Wtf?
Edit 2: Nevermind, got it.
Weird tho.
Gents,
So, I did shmnt and found my way into a file system. However, from what I can tell, there is absolutely nothing within that I can utilize! All I would like to know is if I am spending hours going through USELESS information?
NOTE I am in using mt ns /st_b*up /mt <----- if this helps let you know what Im looking at!
Type your comment> @CandiedPixel said:
Gents,
So, I did shmnt and found my way into a file system. However, from what I can tell, there is absolutely nothing within that I can utilize! All I would like to know is if I am spending hours going through USELESS information?
NOTE I am in using mt ns /st_b*up /mt <----- if this helps let you know what Im looking at!
there is definitely something useful in there. Also, don’t just crawl through all of it hoping to stumble upon something interesting. Do some googling and find out where this type of site stores credentials
Finally rooted! My way:
User: enum, double enum, “mountines”, enum, strings, crack…enum again, CVE, doesn’t work from the box, change the process, shell, flag
root: enum, remote, “deeper” enum, find the right cracker, got passwd, flag
PM me for the help
I have a shell and I have been crawling all over looking for what I assume are more creds. (I have read the entire thread) I have seen the TV service and assume I will be exploiting it somehow. I have done some research on how that will be done. I attempted the 2 ways I know of privesc by messing with the services. Niether got me root. And tips would be helpful. PM me if you don’t want to spill too much here. I can explain in more detail what I have done and what I have currently. Thank you in advance.
Type your comment> @kalitkd said:
hey to all good hackers in this community.
about this machine I’m running some problems to get root and I need to clarify to all running the same problems…
@kalitkd we are in the same boat my friend, let me know if u got any clues…
I managed to get the a**** credentials on the login page but every time I try to login I just get a ‘Session timed out’ error in response. Running the 4****.py script with those creds gives me an error on line 54 that it didn’t get a cookie, implying the creds didn’t work. any hints?
Hmmm… Not too sure what I should be editing in the POC. Have tried editing the cmd and proc.StartInfo.FileName variables and inputting some kind of nc.exe payload over SMB but no connection being called back or ping to verify code execution.
Please help.
Thanks.
Actually this is a really nice box, but I really struggled on User and then on Root as well. ?
User: As others said, there is really little to do, to make it work. I think I just missed the point completely here and ended up completely re-writing the pld part using PS*, which in the end worked really well for me.*
Root: I ran into error 1053 here as well, as others already did here. I know you don’t want to hear this, and I also don’t want to encourage others to reset the box even more, but this really was the only thing that worked for me.
→ Doing this step directly after a fresh reset.
*I guess hacking sometimes needs to be kinda brainfuck… Like using a script in one language, performing an exploit in a kind of markup language, which then runs a programming language to start a process running yet in another language. Hope that’s not too spoily and/or confusing ??